Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update tigera-apiserver probes #3102

Merged
merged 1 commit into from
Jan 18, 2024
Merged

Update tigera-apiserver probes #3102

merged 1 commit into from
Jan 18, 2024

Conversation

pasanw
Copy link
Contributor

@pasanw pasanw commented Jan 10, 2024
edited
Loading

Description

This PR suggests two changes to tigera-apiserver probes. I feel fairly confident that the first change is the correct way forward, but I am less sure about the second change.

  1. Remove the liveness probe.
    Liveness probes should be used when we can detect a condition that a restart has the potential to fix. I do not believe we are aware of such a condition within the API server so I am suggesting we remove this probe. The current liveness probe fails under conditions that a restart likely cannot fix (issues connecting to kube-apiserver, CPU contention)

  2. Update the readiness probe to better reflect readiness throughout the lifetime of the container.
    Currently, the probe checks whether the API server logged a successful started up. I am proposing that we embed this check within the /readyz endpoint and enable authorization checks (from tigera-apiserver to kube-apiserver) for that endpoint. This takes the readiness check from one that will always pass after successful startup, to one that is responsive to issues that may arise in requests between tigera-apiserver and kube-apiserver. Additionally, by installing our current check into /readyz, the execution of our check flows through the same middlewares as typical requests to the tigera-apiserver.

Point 2 relies on changes to our API server. See the linked PR for those changes.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@marvin-tigera marvin-tigera added this to the v1.33.0 milestone Jan 10, 2024
@pasanw pasanw force-pushed the apiserver-probes branch 4 times, most recently from e98cf53 to fae8b39 Compare January 16, 2024 23:48
@pasanw pasanw marked this pull request as ready for review January 16, 2024 23:52
@pasanw pasanw requested a review from a team as a code owner January 16, 2024 23:52
@pasanw
Update tigera-apiserver probes
a5b31b5 
Remove liveness probes as we are not currently tracking any conditions
that a restart would resolve. Update readiness probe to use /readyz,
which is now updated to better serve as an indicator of replica health
throughout the lifecycle of the container.
@pasanw pasanw merged commit 5ee4690 into tigera:master Jan 18, 2024
3 checks passed
@pasanw pasanw deleted the apiserver-probes branch January 18, 2024 19:17
@pasanw pasanw mentioned this pull request Jan 18, 2024
Merged
3 tasks
@danudey danudey modified the milestones: v1.33.0, v1.34.0 Jan 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caseydavenport caseydavenport caseydavenport approved these changes

@hjiawei hjiawei Awaiting requested review from hjiawei

Assignees
No one assigned
Labels
docs-pr-required release-note-required
Projects
None yet
Milestone
v1.34.0
Development

Successfully merging this pull request may close these issues.
4 participants
@pasanw @caseydavenport @danudey @marvin-tigera